Insider Threat: Prevention, Detection, Mitigation, and Deterrence

Insider threats have been the bane of organizations from time immemorial. When it comes to data threats, for over a decade the CERT Insider Threat Center has been dedicated to combatting cybersecurity insider threats. Its science-based research is the gold standard on the topic.

While the CERT guide focuses more on the underlying reasons for insider attacks and crimes, Gelles's approach is to show how to build an enterprise program to deal with and defend against insider threats.

After a few chapters of introduction to the topic and the problem, the book details a systematic method for developing an internal insider threat program.

Until I read about it in the book, I had never heard of the Holistic Management of Employee Risk (HoMER), from the UK-based Centre for the Protection of National Infrastructure. HoMER provides guidance on organizational governance, security culture, and controls to help firms mitigate people risk. Like the CERT Insider Threat Center, HoMER offers a significant amount of helpful material.

While many consider insiders to be employees only, the book does a very good job of showing how to deal with other types of insiders, such as trusted vendors. Gelles reminds the reader of Edward Snowden, whose disclosure is perhaps the greatest insider breach to date.

Aside from mentioning Marigold, a Deloitte software tool, Gelles seems to want to keep the book vendor-agnostic and does not list any hardware or software tools that can be used for insider threat detection. Personally, I would have appreciated it had he created a list of such tools, as they are a crucial part of an insider threat program.

The book has a significant number of charts and graphs that are invaluable in communicating to management the crucial importance of an insider threat program.